@kapaai/support-form-deflector

## Troubleshooting

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

joe-kapabauefikapassem

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@kapaai/gc-publisher	AI (dependencies): Same-org scoped dep (@kapaai) not directly imported; stable pattern across versions of this package.	ai	2026/05/18
phantom-deps	phantom-dep:@kapaai/react-sdk	AI (phantom-deps): Same-org dep added as runtime dependency; phantom-dep heuristic fires because it's not directly imported at the analyzed entry point.	ai	2026/05/06
phantom-deps	phantom-dep:@kapaai/utils	AI (phantom-deps): Same org scope; likely re-exported or used indirectly via bundled output rather than direct import.	ai	2026/05/06
provenance	no-provenance	AI (provenance): Established @kapaai org package with 74 versions; lack of provenance is consistent across all releases.	ai	2026/05/01
phantom-deps	phantom-dep:chroma-js	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:ts-loader	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:remark-gfm	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:remark-html	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@mantine/form	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:remark	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@emotion/react	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@mantine/hooks	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@emotion/styled	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@tabler/icons-react	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@kapaai/gc-publisher	AI (phantom-deps): Same-org internal dep; stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@fingerprintjs/fingerprintjs-pro-react	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:framer-motion	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:prismjs	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:process	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30
phantom-deps	phantom-dep:turndown	AI (phantom-deps): Bundled React library; deps consumed via webpack, not direct imports. Stable FP for this package.	ai	2026/04/30

Versions (showing 18 of 18)

Version	Deps	Published
0.17.5	22 / 21	2026-05-13
0.17.4	22 / 21	2026-04-28
0.17.3	22 / 21	2026-04-28
0.16.2	22 / 21	2026-04-17
0.16.1	22 / 21	2026-04-07
0.16.0	22 / 21	2026-04-03
0.15.0	22 / 21	2026-04-02
0.14.2	23 / 20	2026-03-27
0.14.1	23 / 20	2026-03-24
0.14.0	23 / 20	2026-03-23
0.13.0	22 / 18	2026-03-16
0.12.1	22 / 18	2026-01-16
0.12.0	22 / 18	2026-01-05
0.11.2	22 / 18	2025-12-19
0.11.1	22 / 18	2025-12-18
0.10.1	20 / 18	2025-08-13
0.10.0	20 / 18	2025-06-09
0.9.20	20 / 18	2025-06-05

v0.17.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.17.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.14.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.14.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.14.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.13.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.20

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.